Special ransomware protection: SEP Immutable Storage (SiS) offers a file storage function that is resistant to ransomware attacks and is based on sesam's own deduplication technology "Si3 NG" for Linux. Backups are increasingly becoming one of the targets of attacks, so that backups could be deleted, modified or encrypted in these ransomware attacks.
SiS is a very effective protection against ransomware attacks because even with full admin access to the SEP sesam Backup Server, attackers cannot delete, modify or encrypt the data stored on SiS.
SEP Immutable Storage, also called Si-Storage or SiS, protects your SEP sesam backup data!
SiS - Highlights at a glance
Resistant to ransomware attacks
Immutability ensures that the data is static, unchangeable and cannot be deleted. Attackers can therefore not change, encrypt or delete it, even if they have gained access to your backup environment.
Resistant to human error & malicious insider threats
No one on the inside, regardless of their role in the company and their user status, can manipulate or delete the data either intentionally or accidentally.
Ensuring compliance with data security and compliance regulations
SiS can ensure that the data is stored in accordance with industry requirements and legal regulations by guaranteeing the immutability and authenticity of the data. The immutability guarantees the integrity of the data and its deletion after a certain period of time (retention time to be set).
Legal obligation to retain data
Ensures data authenticity in the event of legal disputes and the secure keeping of sensitive information for a certain period of time.
SiS – Functionality
The Si3 NG Deduplication Store must be set up on a dedicated Linux server with SEP sesam installed and connected directly to the SEP sesam Server via TCP network access to protect it from attacks via VM access.
Remote access is protected
If SSH access to the SiS server is enabled, completely different login credentials than the SEP sesam Admin and Server Root must be used so that they cannot be compromised and stored in a remote location to which the SEP sesam Server has no access. Robust authentication and authorisation must be observed together with the Principles of least Privilege and Separation of Duties (SOD). It is recommended that SEP sesam components only communicate via a restricted TCP port using non-root credentials.
Immutable data
Controlled access with flexible data retention time setting, while the objects are WORM protected and immutable so that access to the data is restricted - The data cannot be modified, encrypted or deleted.
No access authorisation
Once the immutability period is set, not even privileged accounts, such as an authorised backup administrator, can change, prematurely expire or delete the retention.
Assured data integrity
Each object stored on SiS has its own hash value, which is based on its content and ensures its integrity. When updated data is stored in an immutable file system, it is stored in a new location so that only the changed block is written and the metadata of the file location is updated. In this way, the data in an immutable file system remains the same, while the metadata changes over time.
Guaranteed immutability through SiS
The immutability of SiS is based on the underlying file system. If old backup data is moved from SiS to another storage, e.g. to a cheaper archive storage in the cloud or to tape, SEP sesam no longer has ownership of the data, which is now located in a domain of the selected storage, and immutability is no longer guaranteed by SEP sesam.
What is supported with SiS?
SiS supports all backup task types otherwise supported by SEP sesam:
- All path backups (file system)
- All supported VM backup tasks: Citrix XEN Server/XCP-ng, Hyper-V, KVM QEMU, Nutanix AHV, OpenNebula, Oracle Linux Virtualisation Manager (OLVM), Proxmox VE, Red Hat Virtualization (RHV), VMware vSphere
- All supported database backups: IBM DB2, Informix, MS SQL, MySQL/MariaDB, Oracle, PostgreSQL, SAP, SAP ERP with MaxDB
- All supported groupware backups: GroupWise, HCL (IBM) Domino, Kopano, MS Exchange, SharePoint
